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NETWORK MANAGEMENT SYSTEM 



BACKGROUND OF THE INVENTION 

The present invention relates in general to a 
network management system. More particularly, the 
invention relates to a network management system for 
managing a network system to which a plurality of 
networks the address systems of which are different 
from one another are connected. 

IP addresses as network addresses which are 
currently most widely utilized in the Internet and the 
like are prescribed in accordance with the protocol 
called the IPv4 (Internet Protocol ver. 4) and also are 
addresses each having the address space of 32 bits. 
The network addresses must be uniquely allocated to 
apparatuses connected to the network, respectively, and 
hence the allocation of the network addresses to the 
apparatuses connected to the Internet has been carried 
out by the organ called NIC or the like in such a way 
as to become unique. Since in the IPv4, each of the IP 
addresses has the address space of 32 bits, the 
addresses of 2 to the 32-th power, i.e., four billions 
at maximum can be theoretically allocated. However, as 
the number of apparatuses connected to the Internet is 
increased, it becomes difficult to allocate the IP 
addresses of the IPv4 to all of the apparatuses 
connected to the Internet. 
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The technique which is widely used as the 
technique for solving the above-mentioned problem is 
the method wherein the address translation function 
described in RFC1631 (The IP Network Address 
5 Translator) decided by the IETF is combined with the 
private network described in RFC1918 (Address Alloca- 
tion for Private Internets) . The method is established 
on the assumption that for example, all of the appara- 
tuses which are present in the local network such as 

10 the network within industry are not necessarily 

connected to the external network such as the Internet. 
In other words, first of all, the local network such as 
network within industry allocates the IP address using 
the address which falls within the private address 

15 described in RFC1918 to construct the network. At this 
time, with this private address, the associated appara- 
tuses are not connected to the external network such as 
the Internet. With respect to the apparatuses 
connected to the external network such as the Internet, 

20 the address translator described in RFC1613 is disposed 
between the local network and the external network such 
as the Internet, and the address of the transmission/ 
reception packet is translated through the address 
translation from the private address into the global 

25 address with which the access is given to the Internet, 
thereby making the connection to the Internet possible. 
Now, by the global address is meant the address which 
is allocated by the NIC or the like. At this time, 



there is also made the device in which the infinite 
global addresses are effectively utilized in such a way 
that the global addresses are dynamically allocated to 
make it possible that a plurality of local nodes hold 
5 one global address in common on the basis of the time- 
sharing. 

Now, in the address translation described in 
RFC1631, the rewriting of the transmission source IP 
address and the transmission destination IP address 

10 which are contained in the header of the IP packet, and 
the change of the check sum of the IP header which is 
generated along with the rewriting are recalculated to 
replace them with each other. As a result, the 
communication by TCP/IP becomes possible, and the 

15 communication according to the protocol of the upper 
layer with respect thereto also becomes possible. 

However, though in the network management 
protocol such as the SNMP, the IP address is contained 
in a protocol data unit (PDU) as well in which the data 

2 0 is exchanged in accordance with the management 

protocol, this part is not subjected to the address 
translation in the address translator described in 
RFC1631 . 

On the other hand, in JP-A-11-187058, in 
25 addition to the function of the address translation 

described in RFC1631, the address translator having the 
function of carrying out the address translation with 
respect to the protocol data unit as well of the 
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management protocol is described. 

SUMMARY OF THE INVENTION 

However, if the operation based on the 
private address and the global address is carried out 
5 by the address translator, then this operation will be 
carried out through the communication in accordance 
with the management protocol using the global address 
which can be used in the network on the side of the 
manager node. For this reason, the communication in 

10 accordance with the management protocol can be carried 
out only with the node which is located on the managed 
side and to which the global address is already 
allocated. However, if in the network management, the 
management can be carried out for the node as well 

15 which has not such a global address allocated thereto, 
it becomes possible to carry out the more effective 
management. This respect is not disclosed in the 
method described in JP-A-11-187058 . 

In the light of the foregoing, the present 

20 invention has been made in order to solve the above- 
mentioned problems associated with the prior art, and 
it is therefore an object of the present invention to 
provide a network management system in which the data 
communication in accordance with a management protocol 

25 can be carried out even between nodes each not having a 
global address in a network system in which networks of 
different address systems are connected to one another 



through an address translator. 

As one means for attaining the above- 
mentioned object, according to the present invention, 
there is provided a network management system for 
5 managing a network system in which a first network and 
a second network which are different in address system 
from each other are connected to each other through an 
address translator, wherein each of the first and 
second networks includes a node and a management 

10 protocol proxy, and each of the management protocol 
proxies includes a management protocol proxy data 
generating unit for treating, as the management 
protocol proxy data, a transmission source address, a 
transmission destination address and data in a protocol 

15 data unit which are contained in a packet of a manage- 
ment protocol sent from a node, and an address transla- 
tion unit for translating address information within a 
protocol data unit contained in management protocol 
proxy data sent from another management protocol proxy. 

20 As a result, it is possible to carry out the 

data communication between the proxies of the manage- 
ment protocol, and it is also possible to carry out the 
data communication between the nodes each not having 
the global address. 



25 



BRIEF DESCRIPTION OF THE DRAWINGS 

The above and other objects as well as 
advantages of the present invention will become clear 
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by the following description of the preferred embodi- 
ments of the present invention with reference to the 
accompanying drawings, wherein: 

Fig. 1 is a diagram showing a basic configu- 
5 ration of a network system; 

Fig. 2 is a diagram showing a structure of a 
packet of an SNMP message; 

Fig. 3 is a diagram showing a structure of a 
packet of management protocol proxy data; 
10 Fig. 4 is a diagram useful in explaining a 

function of an NAT; 

Fig. 5 is a diagram showing a structure of a 
packet of an SNMP message; 

Fig. 6 is a diagram showing a structure of a 
15 packet of an SNMP message; 

Fig. 7 is a diagram showing one application 
example in a virtual network management system; 

Fig. 8 is a diagram showing one application 
example in a virtual network management system; 
20 Fig. 9 is a diagram showing one application 

example in a virtual network management system; 

Fig. 10 is a diagram showing one application 
example in a virtual network management system; 

Fig. 11 is a diagram showing one application 
25 example in a virtual network management system; 

Fig. 12 is a block diagram showing a configu- 
ration of a management protocol proxy on the managed 
side; 
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Fig. 13 is a block diagram showing a configu- 
ration of a management protocol proxy on the managing 
side; 

Fig. 14 is a diagram showing one example of 
5 management protocol proxy data; 

Fig. 15 is a block diagram showing a configu- 
ration of a proxy data disassembly/assembly unit; 

Fig. 16 is a diagram showing a definition 
example of the other party proxy definition; 
10 Fi 9- 17 is a flow chart useful in explaining 

the processing of assembling proxy data; 

Fig. 18 is a flow chart useful in explaining 
the processing of disassembling proxy data; 

Fig. 19 is a block diagram showing a configu- 
15 ration of an address translation processing unit; 

Fig. 20 is a block diagram showing a configu- 
ration of an object identifier address translation 
unit; 

Fig. 21 is a flow chart useful in explaining 
20 the processing executed in a PDU analysis/translation 
unit; 

Fig. 22 is a diagram useful in explaining the 
relationship among a kind of PDU, the direction of 
transmitting a PDU and the translation direction of the 
25 address translation; 

Fig. 23 is a flow chart useful in explaining 
the processing in a translation subject object 
identifier extraction unit; 
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Fig. 24 is a diagram showing a definition 
example of the address translation definition; 

Fig. 25 is a diagram showing an example of a 
configuration of a virtual network management system; 
5 Fig. 26 is a block diagram showing a configu- 

ration of a management protocol proxy; 

Fig. 27 is a block diagram showing a configu- 
ration of a management protocol proxy; 

Fig. 2 8 is a diagram showing an example of a 
10 configuration of a virtual network management system; 
and 

Fig. 29 is a block diagram showing a configu- 
ration of a management protocol proxy on the managed 
side . 



15 DESCRIPTION OF THE EMBODIMENTS 

The preferred embodiments when an SNMP is 
applied to a management protocol will hereinafter be 
described in detail with reference to the accompanying 
drawings . 

20 Fig. 1 is a diagram showing the concept of a 

network management system which will be described in 
the present embodiment. 

The present system includes a global network 
10, a private network A 30a and a private network B 

25 30b. Then, the private network A 30a is connected to 
the global network 10 through an NAT 20a for carrying 
out the address translation, while the private network 
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B 30b is connected to the global network 10 through an 
NAT 20b for carrying out the address translation. 

A node 80 for carrying out the monitoring is 
connected to the private network A 30a. This node 80 
5 includes a manager 40 for executing the processing for 
monitoring managed nodes, and a management protocol 
proxy 60a for carrying out the generation of proxy data 
of the management protocol, the address translation 
within a protocol data unit contained in the proxy 

10 data, and the like. 

In addition, nodes 50 and 90 as the managed 
nodes, and the management protocol proxy server 60b for 
carrying out the generation of proxy data of the 
management protocol, the address translation within a 

15 protocol data unit contained in the proxy data, and the 
like are connected to the private network B 30b. 

In such a configuration, in the present 
network management system, the node 8 0 for carrying out 
the monitoring is adapted to manage the nodes 50 and 90 

2 0 as the managed nodes. 

When the data communication is intended to be 
carried out with the node 50 as the managed node 
through the manager 40 of the node 80 of the private 
network 30a, the data communication is carried out 

25 between the management protocol proxy 60a of the node 
80 and the management protocol proxy server 60b of the 
private network B 30b. This becomes equivalent to that 
a virtual communication path called an interproxy 



communication path 7 0 is formed. 

If such a configuration is adopted, then the 
data communication can be carried out between the 
networks when the address used in the private network A 
30a is different from that used in the private network 
B 30b, i.e., when their address systems are different 
from each other. In addition, even in the case where a 
fire wall or the like which is adopted to block the 
passage of any of the addresses of the private networks 
and the address of the global network is formed between 
the private network A 30a and the private network B 
30b, the data communication can be made possible. 

The operation of the overall network system 
shown in Fig. 1 will hereinbelow be described more 
concretely. 

Fig. 2 is a diagram showing an SNMP message 
packet of a management protocol SNMP of the node. Fig. 
3 is a diagram showing a packet of management protocol 
proxy data of the management protocol proxy server. 
That is, the management protocol proxy 60a and the 
management protocol proxy server 60b store the 
transmission source information and the transmission 
destination information which have been respectively 
held as the transmission destination and the trans- 
mission source within the header of an IP layer as a 
network layer in the management protocol proxy data 
corresponding to the data of an application layer from 
the packets of the management protocol SNMPs which have 



been respectively sent from the manager 4 0 of the node 
80, and the node 50 and the node 90 as the managed 
nodes. Further, as for a transport layer of the packet 
of the management protocol proxy data, for example, a 
5 TCP of a connection type is employed. In addition, the 
transmission destination and the transmission source of 
the management protocol proxy data itself become the 
management protocol proxy or the management protocol 
proxy server. 

10 Now, the description will hereinbelow be 

given with respect to the flow of the data when the 
communication is carried out from the manager 4 0 to the 
node 50 or the node 90 as the managed node and in the 
direction opposite thereto, i.e., from the node 50 or 

15 the node 90 as the managed node to the manager 40 
through the management protocol proxy 60a and the 
management protocol proxy server 60b. At the time when 
the data of the management protocol sent by the node 40 
as the manager has been delivered to the management 

20 protocol proxy 60a, the management protocol proxy 60a 
combines the data itself of the management protocol 
with the information exhibiting the essential .trans- 
mission destination and transmission source of the data 
of the management protocol to generate the management 

25 protocol proxy data and sends the management protocol 
proxy data thus generated to the management protocol 
proxy server 60b. Then, the management protocol proxy 
server 60b fetches the data of the management protocol 
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and the information exhibiting the essential trans- 
mission destination from the received management 
protocol proxy data to reconstruct the packet of the 
management protocol to send the packet thus 
5 reconstructed to the node 50 as the managed node which 
is the essential transmission destination. At this 
time, the transmission source of the packet of the 
management protocol is made the management protocol 
proxy server 60b, whereby the response from the node 50 
10 is sent to the management protocol proxy server 60b. 
Then, the management protocol proxy server 60b which 
has received the response packet of the management 
protocol from the node 50 translates that response 
packet into the management proxy protocol data to 
15 return the resultant management proxy protocol data 
back to the management protocol proxy 60a. Then, the 
management protocol proxy 60a reconstructs the response 
packet of the management protocol from the management 
protocol proxy data to return the resultant response 
20 packet back to the manager 40. 

In such a manner as described above, in the 
environment in which the communication can not be 
directly carried out between the nodes using the 
management protocol, the communication in accordance 
25 with the management protocol can be carried out through 
the management protocol proxy and the management 
protocol proxy server. 

Further, each of the management protocol 
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proxy and the management protocol proxy server includes 
an address translation function of translating the 
address of the PDU part of the management protocol. As 
a result, the address of the node contained in the 
protocol data unit (hereinafter, referred to as "the 
PDU" for short, when applicable) of the management 
protocol of the node is translated into the virtual 
address which is used to manage the network, whereby 
the management can be carried out as if the node has 
the virtual address. The virtual address which is used 
only in the network management at this time is referred 
to as "the management address" for short when 
applicable in the present embodiment for the sake of 
convenience . 

By the way, while in the configuration shown 
in Fig. 1, the description has been given with respect 
to the case where the management protocol proxy 60a is 
realized in the form of the program, similarly, the 
function of the management protocol proxy server 60b 
can also be realized in the form of the program. In 
this case, the program is recorded in a magnetic disk, 
an optical disc or a magneto-optical disc from which 
the data can be read out by a computer, and the node 
which takes charge of the function of the management 
protocol proxy server is adapted to read out the 
program to execute the program. 

Next, the NAT shown in Fig. 1 will herein- 
below be described. Each of the NATs shown in Fig. 1 



is in conformity to RFC1631. 

Fig. 4 is a diagram useful in explaining the 
function of the NAT. As shown in the figure, the 
description will hereinbelow be given with respect to 
the case where in the network in which a global network 
10 and a private network 30 are connected to each other 
through an NAT 20, an address GO is allocated as a 
global address 200 to a node 40, an address LI is 
allocated as a private address 210 to the managed node, 
and an address Gl is allocated as the global address 
200 to the managed node. In this case, a translation 
table 230 in which the global address and the private 
address are made correspond to each other is provided 
in the NAT 20. As a result, the packet, with respect 
to the address Gl, is transmitted from the node 4 0 side 
to the node 50 side. The NAT 20 translates the trans- 
mission destination address of the packet directed to 
the address Gl from the global address Gl to the 
private address LI in accordance with the translation 
table 230 to transmit the resultant address to the 
private network side. That is, when having reached the 
NAT 2 0 from the node 4 0 side as shown in Fig. 5, the 
packet of interest is the packet in which the informa- 
tion of the address Gl for the transmission destination 
is contained as the header information of the IP layer 
part corresponding to the network layer, while when 
being relayed from the NAT 2 0 towards the node on the 
private network side, is transmitted as the packet in 



which the information of the address LI is contained as 
the header information of the IP layer part as shown in 
Fig. 6 in the transmission destination. On the other 
hand, in the case where the packet is transmitted from 
the node 50 on the private network side towards the 
node 4 0 on the global network side, when having reached 
the NAT 20 from the node 50, the packet of interest is 
the packet in which the information of LI for the 
transmission source is contained as the header informa- 
tion of the IP layer part, while when being relayed 
from the NAT 2 0 towards the node 40 on the global 
network side, is transmitted as the packet in which the 
information of Gl for the transmission source is 
contained as the header information of the IP layer 
part . 

On the basis of such a function of the NAT 
20, as for the setting of the network of the node 50 
itself, the setting has only to be made in such a way 
that the network of the node 50 itself has the private 
address LI. Then, when the node 50 is intended to 
communicate with another apparatus within the private 
network, the communication can be carried out using the 
private address LI. In addition, when the communica- 
tion is intended to be carried out with the apparatus 
on the global network side, the communication can be 
carried out using the global address Gl allocated by 
the NAT 20. 

By the way, in this case, the NAT has been 
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described as the translator having the function of 
carrying out the address translation of the IP layer 
(the address translation of the PDU part of the 
management protocol can not be carried out) . In the 
5 network utilizing such an NAT, as has already been 
described, the address of the PDU part of the manage- 
ment protocol is translated in the management protocol 
proxy server. 

The more concrete network system will herein- 
10 below be described. 

Fig. 7 is one of application examples in the 
network management system and shows a configuration in 
the case where the management is carried out by using 
the proper global address allocated to a managed side 
15 node as the address which is used to manage the 
network. 

A managed node a 50a has the address LI as 
the private address 210. This address of LI is the 
private address, and hence is the address which can be 

20 used only in the private network B 30b. 

Furthermore, as for address translation 230 
in the NAT 20b, the global address Gl is made corre- 
spond to the private address LI, and the address Gl is 
statically allocated as the global address to the 

25 managed node a 50a. When the global network 10 or the 
private network A 30a is intended to communicate 
directly with the managed node a 50a, the communication 
is carried out using the global address Gl . 
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Now, as for address translation 220 in the 
management protocol proxy 60b, the management address 
Gl is made correspond to the private address LI, 
whereby with respect to the management protocol data 
which is to be sent from the managing side to the 
managed side, the global address Gl is translated into 
the private address LI, while with respect to the 
management protocol data which is to be sent from the 
managed side to the managing side, the private address 
LI is translated into the global address Gl . 

As a result, if reference is made to the data 
of the management protocol using the management 
protocol from the manager side, the managed node a 50a 
seems to be as if it has the global address Gl. 

For this reason, as for the management infor- 
mation 240 in the manager 40, the managed node a 50a is 
made correspond to the apparatus having the address Gl, 
and hence the network management can be carried out 
using the address Gl . 

Next, Fig. 8 shows the case where the global 
address to be allocated to the managed node by the NAT 
20b is dynamically allocated thereto. 

In general, the number of global addresses 
which can be used for the external connection in the 
private networks which are connected through the NATs 
is less than the number of apparatuses within the 
private networks. As for the method of utilizing 
effectively the less global addresses, there is 



employed the method wherein the allocation of the 
global address to the apparatus is carried out only for 
a period of time when the apparatus of interest is 
connected to the outside, and at the time when the 
5 connection of the apparatus of interest to the outside 
has been completed, the global address which the 
apparatus of interest has used is adapted to be 
reutilized by another apparatus. In the case where the 
global addresses are dynamically allocated in such a 

10 manner, in general, the global address which is 

allocated to a certain one apparatus differs as the 
case may be. 

In such a case, as the address translation 
230 in the NAT 20b, the global address Gx is made 

15 correspond to the private address LI. Then, the global 
address Gx is the address which is selected among the 
addresses of the fixed choices as the case may be, and 
hence the address Gx is dynamically allocated as the 
global address to the managed node a 50a at least at 

20 that time. What address is allocated is determined by 
the NAT 2 0b. 

Now, if the address Gx is used as the 
management address as it is, then the address which is 
made correspond as the management information 240 in 

25 the manager 40 to the managed node a 50a changes as the 
case may be, and hence the continuation of the manage- 
ment can not be maintained so that the proper network 
management can not be carried out. This is a problem. 
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Then, as for the address translation 220 in 
the management protocol proxy 60b, as shown in Fig. 8, 
the virtual address of VI which is completely different 
from the address Gx is statically allocated. As a 
5 result, as for the management information 240 in the 
manager, the managed node a 50a is made correspond to 
the apparatus having the address VI and hence the 
network management can be properly carried out. 

Fig. 9 shows an example in the case where 
10 there are a plurality of private networks on the 

managed side, and the private addresses of the managed 
nodes within these private networks compete with one 
another. 

A managed node b 50b is present in the 
15 private network B 30b and has the private address LI. 
On the other hand, a managed node c 50c is present in a 
private network C 30c and has the private address LI. 
While the respective addresses conflict with each 
other, since the private address is used only within 
20 the associated one of the private networks in terms of 
the communication, the networks are not confused at 
all. 

However, if the management protocol data is 
directly acquired from the managed node b 50b and the 
25 managed node C 50c using the management protocol, since 
both of these apparatuses respond to the information as 
the apparatus having the private address LI, there 
arises the problem that the manager is confused so that 



the network management can not be properly carried out. 

Then, as shown in Fig. 9, with respect to the 
managed node b 50b, the management address VI is made 
correspond to the private address LI during the address 
5 translation 220b in the management protocol proxy 60b, 
while with respect to the managed node C 50c, the 
management address V2 is made correspond to the private 
address LI during the address translation 220c in the 
management protocol proxy 60c. That is, the management 

10 address VI and the management address V2 are statically 
allocated to the managed node b 50b and the managed 
node c 50c, respectively. 

As a result, as for the management informa- 
tion 240 in the manager, the managed node b is decided 

15 as the apparatus having the management address VI, and 
the managed node c is decided as the apparatus having 
the management address V2 so that the network manage- 
ment can be properly carried out. 

Fig. 10 shows an example in the case where 

20 the management address is allocated to even the 

apparatus to which the global address is not allocated, 
i.e., which is not connected to the outside in order to 
carry out the network management in the private 
network. 

25 A managed node a 50a has the address LI as 

the private address 210a. In addition, as for the 
address translation 230 in the NAT 20b, the global 
address Gl is made correspond to the private address 



LI, and the address Gl is statically allocated as the 
global address to the managed node a 50a. When the 
global network 10 or the private network A 30a intends 
to communicate directly with the managed node a 50a, 
5 the communication is carried out using the global 
address Gl . 

On the other hand, the managed node b 50b has 
the address LI as the private address 210b. However, 
as for the address translation 230 in the NAT 20b, the 

10 global address corresponding to the private address L2 
is not defined, and hence the global network 10 or the 
private network A 30a can not communicate directly with 
the managed node b 50b. But, in this case as well, the 
manager 4 0 can exchange the information with the 

15 managed node 50 as well in accordance with the manage- 
ment protocol through the management protocol proxy. 

At this time, during the address translation 
220 in the management protocol proxy 60b, the manage- 
ment address VI is made correspond to the private 

20 address LI, and also the management address V2 is made 
correspond to the private address 22. That is, the 
management address VI is statically allocated to the 
managed node a 50a, and also the management address V2 
is statically allocated to the managed node b 50b. As 

25 a result, as for the management information 240 in the 
manager, the managed node a 50a is decided as the 
apparatus having the management address VI, and the 
managed node b 50b is decided as the apparatus having 



the management address V2 in order to carry out the 
network management. 

Fig. 11 shows an example in which when the 
management address is allocated to even the apparatus 
5 to which the global address is not allocated, i.e., 
which is not connected to the outside in the private 
network in order to carry out the network management, 
with respect to the apparatus to which the global 
address is allocated, the global address is used for 

10 the management address, while with respect to the 

apparatus to which the global address is not allocated, 
the virtual address is used therefor. 

The managed node a 50a has the address LI as 
the private address 210a. In addition, as for the 

15 address translation 230 in the NAT 20b, the global 
address Gl is made correspond to the private address 
LI, and the address Gl is statically allocated as the 
global address to the managed node a 50a. When the 
global network 10 or the private network A 30a intends 

20 to communicate directly with the managed node a 50a, 
the communication is carried out using the global 
address Gl . 

On the other hand, the managed node b 50b has 
the address L2 as the private address 210b. However, 
25 as for the address translation 230 in the NAT 20b, the 
global address corresponding to the private address L2 
is not defined, and hence the global network 10 or the 
private network A 30a can not communicate directly with 



the managed node b 50b. But, in this case as well, the 
manager 40 can exchange the information with the 
managed node 50b as well in accordance with the manage- 
ment protocol through the management protocol proxy. 
5 At this time, during the address translation 

220 in the management protocol proxy 60b, the manage- 
ment address Gl is made correspond to the private 
address LI, and also the management address V2 is made 
correspond to the private address L2 . That is, the 

10 management address Gl is statically allocated to the 
managed node a 50a and also the management address V2 
is statically allocated to the managed node b 50b. As 
a result, as for the management information 240 in the 
manager, the managed node a 50a is decided as the 

15 apparatus having the address Gl, and the managed node b 
50b is decided as the apparatus having the address V2 
in order to carry out the network management. 

Subsequently, the configuration of the 
management protocol proxy will hereinbelow be described 

20 with reference to Fig. 12 and Fig. 13. 

Fig. 12 is a block diagram showing a 
configuration of the management protocol proxy on the 
managed side. 

The management protocol proxy 60b on the 

25 managed side includes: an interproxy communication unit 
61 for processing the establishment of the interproxy 
communication path 7 0 between the management protocol 
proxy 60a on the managing side and the unit 61 and the 



transmission/reception of the management protocol proxy 
data; a proxy data assembly/disassembly unit 62 for 
processing the disassembly/assembly management protocol 
proxy data; an address translation processing unit 63 
5 for subjecting the address information within the PDU 
of the management protocol to the address translation; 
an ASN.1MIB define statement and an address translation 
definition 65 each of which becomes an input to the 
address translation processing unit; and an SNMR 

10 message transmission/reception unit 66 for 

transmitting/receiving the SNMP message between the 
managed node and the unit 66. 

At the time when the message of the manage- 
ment protocol issued from the manager 4 0 has been 

15 translated into the management protocol proxy data by 
the management protocol proxy 60a on the managing side 
to be transmitted to the management protocol proxy on 
the managed side, first of all, the interproxy 
communication unit 61 receives the management protocol 

20 proxy data transmitted thereto to deliver the manage- 
ment protocol proxy data thus received to the proxy 
data assembly/disassembly unit 62. Then, the proxy 
data assembly/disassembly unit 62 disassembles the 
received management protocol proxy data to deliver the 

25 management protocol proxy data thus disassembled to the 
address translation processing unit 63. Then, the 
address translation processing unit 63 subjects the 
transmission source address data and the transmission 
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destination address data of the management protocol 
proxy data thus delivered thereto and the address 
information within the PDU of the management protocol 
into the address translation in accordance with the 
5 ASN.1MIB define statement 64 and the address transla- 
tion definition 65 to deliver the translation result to 
the proxy data disassembly/assembly unit 62. Then, the 
proxy data assembly/disassembly unit 62 fetches the 
transmission destination information, the transmission 

10 source information, and the PDU of the management 

protocol from the proxy data to deliver the information 
and the PDU thus fetched to the SNMP message 
transmission/reception unit 66. Then, the SNMP message 
transmission/reception unit 66 transmits the PDU of the 

15 management protocol to the managed node 50 which has 
been specified as the transmission destination. That 
is, the SNMP message transmission/reception unit 66 
transmits the SNMP message to the managed node 50. 
Then, the managed node 50 returns the response 

20 corresponding to the SNMP message thus transmitted 

thereto back to the SNMP message transmission/reception 
unit 66. Then, the SNMP message transmission/reception 
unit 66 delivers the SNMP message of the response thus 
received, and the information of the transmission 

25 source and transmission destination thereof to the 
proxy data assembly/ disassembly unit 62. Then, the 
proxy data assembly/disassembly unit 62 delivers the 
information of the transmission destination and the 



transmission source, and the PDU of the management 
protocol as the response to the address translation 
processing unit 63. Then, the address translation 
processing unit 63 subjects the transmission source 
5 address data and the transmission destination address 
data of the management protocol proxy data delivered 
thereto, and the address information within the PDU of 
the management protocol to the address translation to 
deliver the translation result to the proxy data 

10 disassembly/assembly unit 62. Then, the proxy data 

disassembly/assembly unit 62 assembles the information 
of the transmission destination and the transmission 
source, and the PDU of the management protocol in the 
form of the management protocol proxy data to deliver 

15 the data thus assembled to the interproxy communication 
unit 61. Then, the interproxy communication unit 61 
transmits the management protocol proxy data to the 
management protocol proxy 60a on the managing side, and 
also the management protocol proxy 60a on the managing 

20 side returns the PDU of the management protocol back to 
the manager 40. 

Now, the ASN.1MIB define statement 64 is the 
MIB define statement described by the ASN.l (Abstract 
Syntax Notation One) which is the standard description 

25 method for the MIB object described in RFC1212 (Concise 
MIB Definition) and the like. In general, the MIB 
define statement by ASN.l is widely open to the public 
by a person who had defined the MIB module thereof. In 



the present embodiment, since the address contained in 
Variable-Bindings of the protocol data unit of the 
management protocol is translated using the information 
which is obtained by analyzing the MIB define statement 
5 by ASN.l, the special define statement becomes 

unnecessary so that the configuration becomes simpler. 

Fig. 13 is a block diagram showing a configu- 
ration of the management protocol proxy on the managing 
side . 

10 The management protocol proxy 60a on the 

managing side includes: an SNMP message transmission/ 
reception unit 66 for transmitting/receiving the SNMP 
message to/ from an SNMP manager 41 on the manager 40; a 
proxy data assembly/disassembly unit 62 for processing 

15 the disassembly/assembly of the management protocol 

proxy data; and an interproxy communication unit 61 for 
processing the establishment of the interproxy communi- 
cation path 70 distributed between the management 
protocol proxy 60b on the managed side and the unit 61, 

2 0 and the transmission/reception of the management 
protocol proxy data. 

At the time when the SNMP message issued from 
the SNMP manager 41 on the manager 40 has been 
delivered to the management protocol proxy 60a on the 

25 managing side, the SNMP message transmission/reception 
unit 60 receives the SNMP message to deliver the SNMP 
message thus received to the proxy data assembly/ 
disassembly unit 62. Then, the proxy data assembly/ 



disassembly unit 62 assembles the management protocol 
proxy data from the SNMP message thus delivered 
thereto, and the information of the transmission 
destination and the transmission source thereof to 
5 deliver the management protocol proxy data thus 
assembled to the interproxy communication unit 61. 
Then, the interproxy communication unit 61 transmits 
the management protocol proxy data thus delivered 
thereto to the management protocol proxy 60b on the 

10 managed side. Further, the interproxy communication 
unit 61 receives the management protocol proxy data of 
the response returned from the management protocol 
proxy 60b on the managed side to deliver the management 
protocol proxy data thus received to the proxy data 

15 assembly/disassembly unit 62. Then, the proxy data 

assembly/disassembly unit 62 fetches the information of 
the transmission source and the transmission destina- 
tion, and the SNMP message from the management protocol 
proxy data to deliver the information and the message 

20 thus fetched to the SNMP message transmission/reception 
unit 66. Then, the SNMP message transmission/reception 
unit 66 returns the SNMP message back to the SNMP 
message 41 on the manager 4 0 in accordance with the 
delivered information. 

25 Fig. 14 shows one example of the management 

protocol proxy data which is transmitted/received on 
the interproxy communication path 70 distributed 
between the management protocol proxy 60a on the 



manager side and the management protocol proxy 60b on 
the managed side, and also shows an example in the case 
where the management protocol is the SNMP. In this 
case, the management protocol proxy data is the data 
5 containing therein the information of the transmission 
source of the SNMP message, the information of the 
transmission destination of the SNMP message, and the 
SNMP PDU. 

Fig. 2 is a diagram showing the packet of the 
10 normal SNMP message. By the way, the packet is shown 
only with respect to the upper part with respect to the 
IP layer as the network layer. In the normal SNMP 
packet, the information of the transmission source and 
the information of the transmission destination at the 
15 IP layer level become the transmission source and the 
transmission destination of the SNMP message itself as 
they are. 

Fig. 3 is a diagram showing the packet of the 
management protocol proxy data in the case where the 

20 management protocol is the SNMP. By the way, the 
packet is shown only with respect to the upper part 
with respect to the IP layer as the network layer. In 
the packet of the management protocol proxy data, the 
transmission source or the transmission destination at 

25 the IP layer level is one of the management protocol 
proxies which are present in the both sides of the 
interproxy communication path 70, respectively, and the 
data of the transmission source and the transmission 
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destination of the SNMP message is contained in the 
form of the management protocol proxy data correspond- 
ing to the application layer in the packet. Therefore, 
the virtual address which is used for the address 
translation is not used as the transmission destination 
or the transmission source address of the actual 
communication packet. For this reason, even if the 
virtual address is used which is not allocated from the 
organ such as the NIC to the organization thereof, this 
does not impede the communication at the IP layer, 
i.e., at the network layer level at all. 

In such a manner as described above, the 
addresses of the SNMP message transmission source and 
transmission destination on the management protocol 
proxy data are subjected to the address translation, 
whereby the virtual address which is not the proper 
global address can be used in the management address, 
and hence the private network can be subjected to the 
network management including the apparatuses each not 
having the global address. 

Next, the proxy data assembly/disassembly 
unit 62 will hereinbelow be described with reference to 
Fig. 15, Fig. 17 and Fig. 18. 

Fig. 15 is a block diagram showing a 
configuration of the proxy data assembly/ disassembly 
unit 62. 

The proxy data assembly/ disassembly unit 62 
includes: an assembly/disassembly processing unit 68 



for executing the assembly/disassembl y processing; and 
the other party proxy definition 69 in which the 
correspondence relationship between the transmission 
destination of the SNMP message and the other party to 
which the SNMP message is to be transmitted is defined. 

Fig. 16 shows a definition example of the 
other party proxy definition. 

A definition line 311 is a definition line 
exhibiting that the SNMP message in which a first octet 
of the transmission destination address is 100 is 
transmitted to the management protocol proxy in which 
the address is 200.10.20.30. 

A definition line 312 is a definition line 
exhibiting that the SNMP message in which a first octet 
of the transmission destination address is 101 and a 
second octet thereof is 10 is transmitted to the 
management protocol proxy in which the address is 
200.10.20.30. 

A definition line 313 is a definition line 
exhibiting that the SNMP message in which a first octet 
of the transmission destination address is 10, a second 
octet thereof is 20, and a third octet thereof is 80 is 
transmitted to the management protocol proxy in which 
the address is 230.51.62.72. 

A definition line 314 is a definition line 
exhibiting that the SNMP message in which the trans- 
mission destination address is 120.60.11.8 is 
transmitted to the management protocol proxy in which 
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the address is 230.51.62.72. 

By the way, the transmission address at this 
time is represented using the management address. 

Fig. 17 shows a flow chart useful in explain- 
5 ing the proxy data assembly processing. 

In Step 151, the SNMP message is received 
from the SNMP message transmission/reception unit. 

In Step 152, both of the transmission source 
address and the transmission destination address are 
10 fetched from the IP header part of the SNMP message. 

In Step 153, the SNMP PDU is fetched from the 
SNMP message. 

In Step 154, the transmission source address, 
the transmission destination address and the SNMP PDU 
15 which have been fetched from the IP header part of the 
SNMP message are stored in the management protocol 
proxy data. In Step 155, the other party proxy address 
which is made correspond to the transmission destina- 
tion address fetched from the IP header part of the 
20 SNMP message is retrieved in the other party proxy 
definition, and the other party proxy address of 
interest is decided as the transmission destination of 
the protocol proxy data. 

In a manner as described above, the proxy 
25 data assembly/ disassembly unit assembles the management 
protocol proxy data. 

Fig. 18 shows a flow chart useful in explain- 
ing the proxy data disassembly processing. 
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In Step 161, the management protocol proxy- 
data, and the address of the management protocol proxy 
as the other party which has transmitted the management 
protocol proxy data of interest are received from the 
interproxy communication part. In Step 162, the 
transmission source address, the transmission destina- 
tion address and the SNMP PDU are fetched from the 
management protocol proxy data. In Step 163, the 
transmission source address and the transmission 
destination address which have been fetched from the 
management protocol proxy data are stored in the IP 
header part of the SNMP message. In Step 164, the SNMP 
PDU which has been fetched is stored in the SNMP 
message . 

In a manner as described above, the proxy 
data assembly/disassembly unit disassembles the 
management protocol proxy data. 

Fig. 19 is a block diagram showing a 
configuration of the address translation processing 
unit 63. 

The address translation processing unit 63 
includes: an SNMP message transmission source/ 
transmission destination address translation unit 85 
for translating the address of the transmission source 
and the address of the transmission destination of the 
SNMP message; and a PDU address translation unit 80 for 
translating the address information contained in the 
SNMP PDU. In addition, the PDU address translation 



- 34 - 

unit 80 includes: a PDU analysis/translation unit 81 
for processing the analysis of the PDU and the address 
translation; an object identifier address translation 
unit 82 for processing the translation of the address 
5 which is contained as the object identifier of the 
address information contained in the PDU; an MIB 
instance value address translation unit 83 for 
processing the translation of the address which is 
contained as the MIB instance value of the address 

10 information contained in the PDU; and an agent-addr 

translation unit 84 for processing the translation of 
the address which is contained as the source address of 
trap (agent-addr) address of the address information 
contained in the PDU. 

15 At the time when the management protocol 

proxy data has been delivered from the proxy data 
assembly/disassembly unit 62 to the address translation 
processing unit 63, first of all, the SNMP message 
transmission source/transmission destination address 

20 translation unit 85 carries out the address translation 
with respect to the transmission source and trans- 
mission destination of the SNMP message in the manage- 
ment protocol proxy data in accordance with the address 
translation definition 65. Next, the SNMP message 

25 transmission source/transmission destination address 
translation unit 85 delivers the management protocol 
proxy data to the PDU analysis/ translation unit 81. 
Then, the PDU analysis/translation unit 81 carries out 
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the analysis with respect to the PDU in the delivered 
management protocol proxy data to extract the part, for 
which the address translation is required, from the 
PDU. First of all, the trap transmission source 
address part is extracted from the PDU to be delivered 
to the trap transmission source address translation 
unit 84 which subjects in turn the trap transmission 
source address to the address translation in accordance 
with the address translation definition 65 to return 
the resultant address information back to the PDU 
analysis/translation unit 81. Then, the PDU analysis/ 
translation unit 81 replaces the trap transmission 
source address part of the PDU with the address, after 
completion of the address translation, which has been 
received from the trap transmission source address 
translation unit 84. In addition, the MIB instance 
value in which the kind of data represents the IP 
address is extracted from the PDU to be delivered to 
the MIB instance value address translation unit 83. 
Then, the MIB instance value address translation unit 
83 subjects the MIB instance value to the address 
translation in accordance with the address translation 
definition 65 to return the resultant address informa- 
tion of the MIB instance value back to the PDU 
analysis/translation unit 81. Then, the PDU analysis/ 
translation unit 81 replaces the MIB instance value 
part of the PDU with the address, after completion of 
the address translation, which has been received from 
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the MIB instance value address translation unit 83. In 
addition, the object identifier of the MIB is extracted 
from the PDU to be delivered to the object identifier 
address translation unit 82. Then, the object 
5 identifier address translation unit 82 subjects the IP 
address contained in the object identifier to the 
address translation in accordance with the ASN.1MIB 
define statement and the address translation definition 
65 to return the resultant address information of the 
10 object identifier back to the PDU analysis/translation 
unit 81. Then, the PDU analysis/translation unit 81 
replaces the object identifier part of the MIB of the 
PDU with the address, after completion of the address 
translation, which has been received from the object 
15 identifier address translation unit 82. Finally, the 
PDU analysis/translation unit returns the management 
protocol proxy data containing therein the PDU after 
completion of the address translation back to the proxy 
data assembly/disassembly unit 62. 
20 In a manner as described above, the address 

translation processing unit can carry out the address 
translation with respect to the data of the management 
protocol . 

Fig. 20 is a block diagram showing a configu- 
25 ration of the object identifier address translation 
unit 82. 

The object identifier address translation 
unit 82 includes: an ASN.1MIB define statement decoding 
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unit 88 for decoding the ASN.1MIB define statement 65; 
a translation subject object identifier extraction unit 
89 for extracting the object in which the object 
identifier needs to be translated on the basis of the 
definition contents of the decoded MIB; an object 
identifier comparison unit 8 6 for comparing the object 
identifier delivered from the PDU analysis/translation 
unit 81 with the object identifier extracted by the 
translation subject object identifier extraction unit 
89 to judge whether or not the delivered object 
identifier needs to be translated; and an address 
translation extraction unit 87 for on the basis of the 
definition information extracted by the translation 
subject object identifier extraction unit 8 9 and the 
address translation definition 65, subjecting the 
object identifier to the address translation. 

First of all, the ASN.1MIB define statement 
decoding unit 88 reads out the ASN.1MIB define state- 
ment 65 to decode the ASN.1MIB define statement 65 thus 
read out to deliver the information of the MIB defini- 
tion obtained by the decoding to the translation 
subject object identifier extraction unit 89. Then, 
the translation subject object identifier extraction 
unit 89 extracts the MIB object having the possibility 
of containing the IP address in the object identifier 
from the delivered MIB statement to deliver the list of 
the object identifiers of the corresponding MIB object 
and the INDEX information as the definition information 
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of the corresponding MIB object to the object identi- 
fier comparison unit 86 and the address translation 
extraction unit 87, respectively. Now, by the MIB 
object having the possibility of containing the IP 
address in the object identifier is meant the MIB 
object representing the MIB table, i.e., the MIB object 
in which one or more MIB objects within the MIB table 
used as INDEX of the table are the IP addresses. Such 
an object is such that while when acguiring the 
instance as the value of the MIB object on the basis of 
the GET request or the like, INDEX as the instance 
identifier is added on the heals of the object identi- 
fier of the MIB object to be specified as the object 
identifier, since the IP address is used in INDEX at 
this time, there is a possibility that the IP address 
is contained in the object identifier. In addition, as 
for the INDEX information which is to be delivered to 
the address translation execution unit 87, in order 
that when a plurality of MIB objects are made 
correspond to one another as INDEXs of the MIB table, a 
part of the IP address of them may be translated, the 
information is delivered in which SYNTAX s as the kinds 
of MIB objects used as INDEXs are arranged in order. 
For example, in the case of the MIB table in which one 
MIB object of an integral number and the IP address are 
taken as INDEX, the instance identifier becomes the 
identifier having one sub-identifier for an integral 
number and four sub-identifiers for the IP address, 



i.e., five sub-identifiers in total. In the address 
translation, since the second to fifth sub-identifiers 
of them need to be interpreted as the IP address to be 
translated, for INDEX, it is necessary to deliver the 
information having a set of one integral number and one 
IP address to the address translation execution unit 
87. 

Now, at the time when the object identifier 
in the PDU has been delivered from the PDU analysis/ 
translation unit 81 to the object identifier address 
translation unit 82, first of all, the object 
identifier comparison unit 86 receives the object 
identifier. Then, the object identifier comparison 
unit 86 compares the object identifier delivered from 
the PDU analysis/translation unit 81 with the object 
identifier list of the translation subject extracted by 
the translation subject object identifier extraction 
unit 89. If the object identifier delivered from the 
PDU analysis/translation unit 81 is contained in the 
object identifier list of the translation subject, then 
the object identifier is delivered from the PDU 
analysis/translation unit 81 to the address translation 
execution unit 87. On the other hand, if the object 
identifier delivered from the PDU analysis/translation 
unit 81 is not contained in the object identifier list 
of the translation subject, then the object identifier 
delivered from the PDU analysis/translation unit 81 is 
not translated at all to be returned back to the PDU 



analysis/translation unit 81 as it is. 

Next, with respect to the object identifier 
delivered therefrom, first of all, the address transla- 
tion execution unit 87 specifies the location of the IP 
address appearing in the object identifier, i.e., the 
translation location on the basis of the INDEX informa- 
tion delivered from the translation subject object 
extraction unit 89 and next, carries out the address 
translation on the basis of the address translation 
definition 65 to return the object identifier after 
completion of the address translation back to the PDU 
analysis/translation unit 81. 

In a manner as described above, the object 
identifier address translation unit can subject the IP 
address contained in the object identifier of the MIB 
to the address translation. 

The processing in the PDU analysis/ 
translation unit will hereinbelow be described with 
reference to a flow chart shown in Fig. 21. 

In Step 111, the data representing the kind 
of PDU is extracted from the PDU. In Step 112, the 
address translation direction is determined from the 
kind of PDU. By the address translation direction is 
meant whether the address in the PDU is translated from 
the management address into the real address or from 
the real address into the management address. For the 
PDU which is transmitted from the managing side to the 
managed side, the management address is translated into 



the real address. For the PDU transmitted from the 
managed side to the managing side, the real address is 
translated into the management address. Whether the 
PDU is transmitted from the managing side to the 
managed side or from the managed side to the managing 
side is determined every kind of PDU, and hence the 
address translation direction can be determined from 
the kind of PDU in accordance with a table shown in 
Fig. 22. In Step 113, it is judged whether or not the 
kind of PDU is the SNMP trap. If it is judged in Step 
113 that the kind of PDU is the SNMP trap, then the 
processing proceeds to Step 114. On the other hand, if 
it is judged in Step 113 that the kind of PDU is not 
the SNMP trap, then the processing proceeds to Step 
117. In Step 114, the trap transmission source address 
is extracted from the PDU. In Step 115, the trap 
transmission source address extracted in Step 114 and 
the information of the address translation direction 
determined in Step 112 are delivered to the trap 
transmission source address translation unit and then 
the trap transmission source address after completion 
of the translation is received. In Step 116, the trap 
transmission source address of the PDU is replaced with 
the trap transmission source address, after completion 
of the translation, which has been received in Step 
115. In Step 117, it is judged whether or not 
variableBindingList is present in the PDU. If it is 
judged in Step 117 that variableBindingList is present 
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in the PDU, then the processing proceeds to Step 118. 
On the other hand, if it is judged in Step 117 that 
variableBindingList is absent in the PDU, then the 
processing in the PDU analysis/translation unit is 
completed. In Step 118, one unprocessed variableBind 
is executed from variableBindingList. In Step 119, the 
object identifier and the value are extracted from 
variableBind extracted in Step 118. In Step 120, both 
of the MIB instance value extracted in Step 119 and the 
information of the translation direction determined in 
Step 112 are delivered to the MIB instance value 
address translation unit and then the MIB instance 
value after completion of the translation is received. 
In Step 121, both of the object identifier extracted in 
Step 119 and the information of the translation 
direction determined in Step 112 are delivered to the 
object identifier address translation unit and then the 
object identifier after completion of the translation 
is received. In Step 122, the object identifier of 
variableBind of the PDU is replaced with the object 
identifier, after completion of the translation, which 
has been received in Step 121, and also the MIB 
instance value of variableBind is replaced with the MIB 
instance value, after completion of the translation, 
which has been received in Step 120. In Step 123, it 
is judged whether or not the unprocessed variable- 
Binding still remains. If it is judged in Step 123 
that the unprocessed variableBinding still remains, 
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then the processing proceeds to Step 118. On the other 
hand, if it is judged that the unprocessed variable- 
Binding does not yet remain, then the processing in the 
PDU analysis/translation unit is completed. 
5 In a manner as described above, the address 

information in the PDU can be translated. Next, the 
processing in the translation subject object identifier 
extraction unit will hereinbelow be described with 
reference to a flow chart shown in Fig. 23. 
10 In Step 131, one object identifier which is 

defined in the MIB statement is fetched. In Step 132, 
it is judged whether or not the object identifier 
fetched in Step 131 is the identifier representing the 
MIB table. If it is judged in Step 132 that the object 
15 identifier fetched in Step 131 is the identifier 
representing the MIB table, then the processing 
proceeds to Step 133. On the other hand, if it is 
judged in Step 132 that the object identifier fetched 
in Step 131 is not the identifier representing the MIB 
20 table, then the processing proceeds to Step 136. In 
Step 133, SYNTAX of the MIB object in the table which 
is specified as INDEX of the object identifier is 
extracted. In Step 134, it is judged whether or not 
there is even one object in which SYNTAX of the MIB 
25 object in the table extracted in Step 133 is SYNTAX 
representing the IP address. If it is judged in Step 
134 that there is even one object in which SYNTAX is 
SYNTAX representing the IP address, then the processing 



proceeds to Step 135. On the other hand, if it is 
judged in Step 134 that there is not even one object in 
which SYNTAX is SYNTAX representing the IP address, 
then the processing proceeds to Step 136. In Step 135, 
it is judged that the object identifier fetched in Step 
131 is the object identifier of a subject of the 
translation. 

On the other hand, in Step 136, it is judged 
that the object identifier fetched in Step 131 is not 
the object identifier of a subject of the translation. 
In Step 137, it is judged whether or not any of the 
unprocessed object identifiers still remains in the MIB 
define statement. If it is judged in Step 137 that any 
of the unprocessed object identifiers still remains in 
the MIB define statement, then the processing proceeds 
to Step 131. On the other hand, if it is judged in 
Step 137 that any of the unprocessed object identifiers 
does not yet remains in the MIB define statement, then 
the processing proceeds to Step 138. In Step 138, the 
object identifier comparison unit is informed of all of 
the object identifiers each of which has been judged to 
be a subject of the translation. In Step 139, the 
address translation execution unit is informed of all 
of the INDEX information of the object identifiers each 
of which has been judged to be a subject of the 
translation . 

In a manner as described above, it is 
possible to realize the processing in the translation 



subject object identifier extraction unit. 

Fig. 24 shows a definition example of the 
address translation definition 65. 

A definition line 301 is a definition example 
in the case where only a first octet of the IP address 
is translated. In this case, with respect to all of 
the real addresses in each of which the first octet is 
10, the real address in which the first octet is 
translated into 100 becomes the management address. 
For example, in the case where the address 100.1.2.3 is 
present in the data of the management protocol which 
has been transmitted from the manager 4 0, the address 
of interest is translated into an address 10.1.2.3 
through the address translation to be relayed to the 
managed node 50. On the contrary, in the case where 
the address 10.1.2.3 is present in the response from 
the managed node 50, the address of interest is 
translated into an address 100.1.2.3 through the 
address translation to be relayed to the manager 40. A 
definition line 302 is a definition example in the case 
where a first octet and a second octet of the IP 
address are both translated. In this case, with 
respect to all of the real addresses in each of which 
the first octet is 172 and the second octet is 16, the 
real address in which the first octet is translated 
into 101 and the second octet is translated into 10 
becomes the management address. For example, in the 
case where the address 101.10.1.2 is present in the 
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data of the management protocol which has been 
transmitted from the manager 40, the address of 
interest is translated into an address 172.16.1.2 
through the address translation to be relayed to the 
5 managed node 50. On the contrary, in the case where 
the address 172.16.1.2 is present in the response from 
the managed node 50, the address of interest is 
translated into an address 101.10.1.2 through the 
address translation to be relayed to the manager 40. A 
10 definition line 303 is a definition example in the case 
where a first octet, a second octet and a third octet 
of the IP address are all translated. In this case, 
with respect to all of the real addresses in each of 
which the first octet is 172, the second octet is 17 
15 and the third octet is 50, the real address in which 
the first octet is translated into 110, the second 
octet is translated into 20 and the third octet is 
translated into 80 becomes the management address. For 
example, in the case where the address 110.20.80.1 is 
20 present in the data of the management protocol which 
has been transmitted from the manager 40, the address 
of interest is translated into an address 172.17.50.1 
through the address translation to be relayed to the 
managed node 50. On the contrary, in the case where 
25 the address 172.17.50.1 is present in the response from 
the managed node 50, the address of interest is 
translated into an address 110.20.80.1 through the 
address translation to be relayed to the manager 40. 
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In addition, a definition line 304 is a definition 
example in the case where when all of the octets from 
the first octet to the fourth octet are translated. In 
this case, the real address in which the address is 
5 192.168.20.5 is translated into the address 120.60.11.8 
for management. For example, in the case where the 
address 120.60.11.8 is present in the data of the 
management protocol which has been transmitted from the 
manager 40, the address of interest is translated into 

10 an address 192.168.20.5 through the address translation 
to be relayed to the managed node 50. On the contrary, 
in the case where the address 192.168.20.5 is present 
in the response from the managed node 50, the address 
of interest is translated into an address 120.60.11.8 

15 through the address translation to be relayed to the 
manager 40. 

Fig. 25 is a diagram showing an example of a 
configuration of another virtual network management 
system. 

20 In this case, while the manager 4 0 and the 

management protocol proxy 60a on the manager side are 
present on the global network 10, it is possible to 
carry out the virtual network management using the 
management address without being different from the 

25 case having the configuration shown in Fig. 1. 

Fig. 26 and Fig. 27 are respectively block 
diagrams showing configurations of the management 
protocol proxies in still another embodiment and yet 



another embodiment, i.e., embodiments in the case where 
the address translation is carried out by the manage- 
ment protocol proxy on the managing side. 

In these cases as well, the address transla- 
5 tion can be carried out in the same manner as that in 
the case where the address translation is carried out 
by the management protocol proxy on the managed side 
shown in Fig. 12 and Fig. 13. But, when the address 
translation is carried out in the management protocol 
.0 proxy on the managing side, the address translation 

definition which is to be carried out in the management 
protocol proxy on the managing side is defined 
individually every private network on the managed side. 
For example, the address translation definition 65b and 
5 the address translation definition 65c are respectively 
defined for the private network B on the managed side 
and for the private network C on the managed side. As 
a result, even in the case where the private addresses 
of the managers conflict with each other in a plurality 
0 of private networks on the managed side as in the 

configuration shown in Fig. 9, the address translation 
can be made carried out properly. 

Fig. 28 is a block diagram showing a 
configuration of the virtual network management system 
5 in a further embodiment, and Fig. 2 9 is a block diagram 
showing a configuration of the management protocol 
proxy on the managed side in the further embodiment. 
In these figures, each of the configurations is such 



that the management protocol proxy on the managed side 
is operated on the same apparatus as the NAT conforming 
to RFC1631. 

The configuration of this example is such 
that the manager 40 and the management protocol proxy 
60a on the managing side are present on the global 
network 10, and the management address translation is 
carried out in the management protocol proxy on the 
managed side, and the management protocol proxy on the 
managed side is operated on the same apparatus as that 
of the NAT 2 0 conforming to RFC 1631. 

Fig. 29 shows the configuration of the 
management protocol proxy 60b on the managed side which 
is operated on the same apparatus as that of the NAT 20 
not having the address translation function of the 
management protocol conforming to RFC1631. A point of 
difference from the configuration shown in Fig. 12 is 
that when the interproxy communication unit 61 is 
intended to communicate with the management protocol 
proxy 60a on the managing side, the communication is 
carried out through a global network side communication 
protocol processing unit 21, and when the SNMP message 
transmission/reception unit 66 transmits/receives the 
data to/from the managed node 50, the communication is 
carried out through a private network side communica- 
tion protocol processing unit 23 of the NAT 20. By the 
way, as for the motion conforming to RFC1631 of the NAT 
20, with respect to the packet which is intended to 



pass through the associated apparatuses of the NAT 20 
from the global network side to the private network 
side, first of all, the global network side communica- 
tion protocol processing unit 21 catches the packet 
which is intended to pass therethrough to deliver the 
packet thus caught to an RFC1631 conformity address 
translation processing unit 22, and then the RFC1631 
conformity address translation processing unit 22 
carries out the address translation. Thereafter, the 
packet of interest is delivered to the private network 
side communication protocol processing unit 23 to be 
sent to the private network side by the private network 
side communication protocol processing unit 23. 

On the contrary, with respect to the packet 
which is intended to pass through the associated 
apparatuses of the NAT 2 0 from the private network side 
to the global network side, first of all, the private 
network side communication protocol processing unit 23 
catches the packet which is intended to pass there- 
through to deliver the packet thus caught to the 
RFC1631 conformity address translation processing unit 
22 and then the RFC1631 conformity address translation 
processing unit 22 carries out the address translation. 
Thereafter, the packet is delivered to the global 
network side communication protocol processing unit 21 
to be sent to the global network side by the the global 
network side communication protocol processing unit 21. 

However, the communication made by the 



interproxy communication unit 61 is the communication 
in which the address on the global network side of the 
apparatus in which the NAT and the management protocol 
proxy on the managed side are both operated is made 
5 either the transmission destination or the transmission 
source, but is not the communication in which the 
associated information is not intended to pass through 
the NAT 20. For this reason, the data is delivered 
from the global network side communication processing 

10 unit 21 to the interproxy communication unit 61 as it 
is without passing through the RFC1631 conformity 
address translation processing unit 22. 

In addition, with respect to the communica- 
tion as well made by the SNMP message transmission/ 

15 reception unit 66, it is the communication in which the 
address on the private network side of the apparatus in 
which the NAT and the management protocol proxy on the 
managed side are both operated is made either the 
transmission destination or the transmission source, 

20 but is not the communication in which the associated 

information is not intended to pass through the NAT 20. 
For this reason, the data is delivered from the private 
network side communication processing unit 23 to the 
SNMP message transmission/reception unit 66 as it is 

25 without passing through the RFC1631 conformity address 
translation processing unit 22. 

From the foregoing, it is possible that the 
management protocol proxy having the same configuration 



as that of the management protocol proxy on the managed 
side shown in Fig. 12 is employed to be operated on the 
same apparatus as the NAT 20 to realize the virtual 
network management. 
5 By the way, as has already been described, 

the processing in the management protocol proxy, as 
shown in the flow chart, can be realized in the form of 
the program. 

Above, while the NAT has been described as 

10 the apparatus for carrying out the address translation 
of the IP layer (the NAT does not have the function of 
translating the address of the PDU part of the manage- 
ment protocol) , in the case where the NAT has the 
function of carrying out the address translation of the 

15 IP layer and the function of translating the address of 
the PDU part of the management protocol, the NAT and 
the management protocol proxy server can be selectively 
utilized to carry out the address translation of the 
PDU part of the management protocol. 

20 As set forth hereinabove, according to the 

present invention, the data communication can be 
carried out between the proxies of the management 
protocol, and also the data communication by the 
management protocol can be carried out between the 

25 nodes each not having the global address. 

Although the present invention has been 
described with reference to specific embodiments, these 
descriptions are not meant to be construed in a 
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limiting sense. Various modifications of the disclosed 
embodiments, as well as alternative embodiments of the 
invention will become apparent to persons skilled in 
the art upon reference to the description of the inven- 
5 tion. It should be appreciated by those skilled in the 
art that the conception and the specific embodiment 
disclosed may be readily utilized as a basis for 
modifying or designing other configurations for carry- 
ing out the same purpose of the present invention. It 

10 should also be realized by those skilled in the art 

that such equivalent configurations do not depart from 
the spirit and scope of the invention as set forth in 
the appended claims. 

It is therefore contemplated that the claims 

15 will cover any such modifications or embodiments that 
fall within the true scope of the invention. 



